diff --git a/.github/workflows/actions_release.yml b/.github/workflows/actions_release.yml
index a72cb75..cdcd26e 100644
--- a/.github/workflows/actions_release.yml
+++ b/.github/workflows/actions_release.yml
@@ -10,6 +10,10 @@ on:
 description: "Specify the build script to run"
 required: false
 default: "npm run build"
+ node_version:
+ description: "Specify Node.js version (e.g., '18', '20', 'lts/*')"
+ required: false
+ default: "24"
 permissions:
 contents: read
@@ -23,4 +27,5 @@ jobs:
 uses: step-security/reusable-workflows/.github/workflows/actions_release.yaml@v1
 with:
 tag: "${{ github.event.inputs.tag }}"
- script: "${{ github.event.inputs.script }}"
\ No newline at end of file
+ script: "${{ github.event.inputs.script }}"
+ node_version: "${{ github.event.inputs.node_version }}"
\ No newline at end of file
diff --git a/.github/workflows/audit_package.yml b/.github/workflows/audit_package.yml
index 7234a22..c33388f 100644
--- a/.github/workflows/audit_package.yml
+++ b/.github/workflows/audit_package.yml
@@ -15,7 +15,11 @@ on:
 description: "Specify the build script to run"
 required: false
 type: string
- default: "npm run build"
+ default: "npm run build"
+ node_version:
+ description: "Specify Node.js version (e.g., '18', '20', 'lts/*')"
+ required: false
+ default: "24"
 schedule:
 - cron: "0 0 * * 1"
@@ -26,6 +30,7 @@ jobs:
 with:
 base_branch: ${{ github.event.inputs.base_branch || 'main' }}
 script: ${{ github.event.inputs.script || 'yarn build' }}
+ node_version: "${{ inputs.node_version || '24' }}"
 permissions:
 contents: write
diff --git a/.github/workflows/auto_cherry_pick.yml b/.github/workflows/auto_cherry_pick.yml
index 8ac9704..c389219 100644
--- a/.github/workflows/auto_cherry_pick.yml
+++ b/.github/workflows/auto_cherry_pick.yml
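Review bot: The added `node_version` line in the `with:` block of actions_release.yml reads `github.event.inputs.node_version` with no fallback, while the matching lines in audit_package.yml and auto_cherry_pick.yml use `inputs.node_version || '24'`. Writing it as `node_version: "${{ inputs.node_version || '24' }}"` keeps the three callers consistent and avoids passing an empty string if this workflow ever gains a non-dispatch trigger. The value is a free-form string handed to a reusable workflow referenced by the mutable tag `@v1`, and how it is consumed there is not visible in this diff, so it is worth confirming that it only reaches an action input such as setup-node's `node-version` and is never expanded inside a `run:` script.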
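Review bot: The new `node_version` input in audit_package.yml has no `type:` key although the `script` input directly above it declares `type: string`; adding `type: string` under `required: false` keeps the input block uniform. The `with:` block in the next hunk also mixes contexts, reading `github.event.inputs.script` next to `inputs.node_version`, and one form throughout would be easier to audit. The description's examples ('18', '20', 'lts/*') do not include the default "24", so `(e.g., '20', '24', 'lts/*')` would match what the workflow actually runs; the same description appears in actions_release.yml and auto_cherry_pick.yml.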
@@ -15,6 +15,10 @@ on:
 description: "Run mode: cherry-pick or verify"
 required: false
 default: "cherry-pick"
+ node_version:
+ description: "Specify Node.js version (e.g., '18', '20', 'lts/*')"
+ required: false
+ default: "24"
 pull_request:
 types: [opened, synchronize, labeled]
@@ -35,4 +39,5 @@ jobs:
 package_manager: "yarn"
 script: ${{ inputs.script || 'npm run build' }}
 mode: ${{ github.event_name == 'pull_request' && 'verify' || inputs.mode }}
+ node_version: "${{ inputs.node_version || '24' }}"
diff --git a/README.md b/README.md
index a3930ef..19181da 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,5 @@
+[![StepSecurity Maintained Action](https://raw.githubusercontent.com/step-security/maintained-actions-assets/main/assets/maintained-action-banner.png)](https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions)
+
 # Github Action for sending message (and reactions/threads/update/blocks) to Slack — With support for Slack's optional arguments
diff --git a/dist/index.js b/dist/index.js
index b76c135..0728315 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -35935,6 +35935,8 @@ module.exports = { apiPostMessage, apiAddReaction, apiUpdateMessage }; /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { const axios = __nccwpck_require__(7269); +const fs = __nccwpck_require__(9896); +const core = __nccwpck_require__(7484); const context = __nccwpck_require__(4270); const { postMessage } = __nccwpck_require__(57); const { addReaction } = __nccwpck_require__(8725);
@@ -35943,19 +35945,48 @@ const { updateMessage } = __nccwpck_require__(4217); const jsonPretty = (data) => JSON.stringify(data, undefined, 2); async function validateSubscription() { - const API_URL = `https://agent.api.stepsecurity.io/v1/github/${process.env.GITHUB_REPOSITORY}/actions/subscription`; - + let repoPrivate; + const eventPath = process.env.GITHUB_EVENT_PATH; + if (eventPath && fs.existsSync(eventPath)) { + const payload = JSON.parse(fs.readFileSync(eventPath, "utf8")); + repoPrivate = payload?.repository?.private; + } + + const upstream = "archive/github-actions-slack"; + const action = process.env.GITHUB_ACTION_REPOSITORY; + const docsUrl = + "https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions"; + + core.info(""); + core.info("StepSecurity Maintained Action"); + core.info(`Secure drop-in replacement for ${upstream}`); + if (repoPrivate === false) + core.info("✓ Free for public repositories"); + core.info(`Learn more: ${docsUrl}`); + core.info(""); + + if (repoPrivate === false) return; + const serverUrl = process.env.GITHUB_SERVER_URL || "https://github.com"; + const body = { action: action || "" }; + + if (serverUrl !== "https://github.com") body.ghes_server = serverUrl; try { - await axios.get(API_URL, {timeout: 3000}); + await axios.post( + `https://agent.api.stepsecurity.io/v1/github/${process.env.GITHUB_REPOSITORY}/actions/maintained-actions-subscription`, + body, + { timeout: 3000 }, + ); } catch (error) { - if (error.response && error.response.status === 403) { - console.error( - 'Subscription is not valid. Reach out to support@stepsecurity.io' + if (axios.isAxiosError(error) && error.response?.status === 403) { + core.error( + `This action requires a StepSecurity subscription for private repositories.`, + ); + core.error( + `Learn how to enable a subscription: ${docsUrl}`, ); process.exit(1); - } else { - core.info('Timeout or API not reachable. Continuing to next step.'); } + core.info("Timeout or API not reachable. 
Continuing to next step."); } }
diff --git a/src/invoke.js b/src/invoke.js
index 8c0c0c1..a05b0d5 100644
--- a/src/invoke.js
+++ b/src/invoke.js
@@ -1,4 +1,6 @@
 const axios = require('axios');
+const fs = require('fs');
+const core = require('@actions/core');
 const context = require("./context");
 const { postMessage } = require("./message");
 const { addReaction } = require("./reaction");
@@ -7,19 +9,48 @@ const { updateMessage } = require("./update-message");
 const jsonPretty = (data) => JSON.stringify(data, undefined, 2);
 async function validateSubscription() {
- const API_URL = `https://agent.api.stepsecurity.io/v1/github/${process.env.GITHUB_REPOSITORY}/actions/subscription`;
+ let repoPrivate;
+ const eventPath = process.env.GITHUB_EVENT_PATH;
+ if (eventPath && fs.existsSync(eventPath)) {
+ const payload = JSON.parse(fs.readFileSync(eventPath, "utf8"));
+ repoPrivate = payload?.repository?.private;
+ }
+
+ const upstream = "archive/github-actions-slack";
+ const action = process.env.GITHUB_ACTION_REPOSITORY;
+ const docsUrl =
+ "https://docs.stepsecurity.io/actions/stepsecurity-maintained-actions";
+
+ core.info("");
+ core.info("StepSecurity Maintained Action");
+ core.info(`Secure drop-in replacement for ${upstream}`);
+ if (repoPrivate === false)
+ core.info("✓ Free for public repositories");
+ core.info(`Learn more: ${docsUrl}`);
+ core.info("");
+ if (repoPrivate === false) return;
+ const serverUrl = process.env.GITHUB_SERVER_URL || "https://github.com";
+ const body = { action: action || "" };
+
+ if (serverUrl !== "https://github.com") body.ghes_server = serverUrl;
 try {
- await axios.get(API_URL, {timeout: 3000});
+ await axios.post(
+ `https://agent.api.stepsecurity.io/v1/github/${process.env.GITHUB_REPOSITORY}/actions/maintained-actions-subscription`,
+ body,
+ { timeout: 3000 },
+ );
 } catch (error) {
- if (error.response && error.response.status === 403) {
- console.error(
- 'Subscription is not valid. Reach out to support@stepsecurity.io'
+ if (axios.isAxiosError(error) && error.response?.status === 403) {
+ core.error(
+ `This action requires a StepSecurity subscription for private repositories.`,
+ );
+ core.error(
+ `Learn how to enable a subscription: ${docsUrl}`,
 );
 process.exit(1);
- } else {
- core.info('Timeout or API not reachable. Continuing to next step.');
 }
+ core.info("Timeout or API not reachable. 
Continuing to next step.");
 }
 }
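Review bot: The event-payload read at the top of validateSubscription (`JSON.parse(fs.readFileSync(eventPath, "utf8"))`) sits outside any try/catch, so an unreadable or malformed file at GITHUB_EVENT_PATH throws out of the function, whereas an unreachable subscription API is deliberately tolerated a few lines below. Wrapping the read so that a failure leaves `repoPrivate` undefined keeps the existing fall-through to the subscription check. For private or undetermined repositories the POST sends the repository name, the action name and, on GitHub Enterprise Server, the server URL to agent.api.stepsecurity.io; a README line stating this would let users account for it in runner egress policies. The bundled copy in dist/index.js carries the same code and needs a rebuild after any change here.

```javascript
  let repoPrivate;
  const eventPath = process.env.GITHUB_EVENT_PATH;
  try {
    if (eventPath && fs.existsSync(eventPath)) {
      const payload = JSON.parse(fs.readFileSync(eventPath, "utf8"));
      repoPrivate = payload?.repository?.private;
    }
  } catch (error) {
    // Visibility unknown: leave repoPrivate undefined so the subscription check still runs.
    core.debug(`Could not read event payload: ${error.message}`);
  }
  // … unchanged: banner output, public-repository early return, subscription POST …
```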